Microsoft will be putting out eight security patches on 8 April, five of them with the unlovable critical label, in the latest run of its regular update cycle.
The critical updates cover a brace of bugs in Internet Explorer, a pair on Windows and one involving Office. All five might lend themselves to remote execution of …

COMMENTS

Their own worst enemy

Everyone keeps stating that Linux will take down MS. This is not going to happen.

Why???

Microsoft will bring about their own demise through their underhanded way of dealing with competition. They decided a long time ago to build such programs as IE and Outlook into the OS so as to circumvent competitors. This is now biting them in the A$$ as a bug in one will leave the system open to an attack. The best thing that could have happened for MS was that the ruling a few years ago stated they have to split between OS and software. Then with the programs not so tightly intertwined it would be less open to attacks.

Vista-bashing again. Yawn.

Nice jump-on-bandwagon headline there. The issues have affected several releases of Windows (including XP which has been out for much longer and had not one but TWO service packs and Server 2000 which has FOUR, yes FOUR Service Packs already omg!!!!)

Being a developer, I know that if you develop something and nobody breaks it for 7 years (XP), you don't try to completely rewrite it just for the sake of it; it's not profitable to rewrite everything, only the parts where there are problems.

Now it emerges there are previously undiscovered problems and they're fixing it in all supported releases. What's the problem with that? Surely it's a good thing that they fix a problem that emerges in all their releases?

But that wouldn't make a good headline to say they have to fix it in Vista, XP, Server 2k, etc etc; it's much more sensational to kick Vista even more so you can 'hang out with the gang' rather than to actually report the facts.

M$ Keeps Admins Busy

Title should be "MS Keeps Admins Busy". That way, M$ hopes to keep them so busy they have no time to think. M$ hopes the idea that they could live without that other OS will not creep in. That other OS is not easy to maintain. Patch it and you have lots of downtime for malware, breakage and re-re-reboots. Don't patch it and you have more downtime for malware. With GNU/Linux, I patch when I want, and the system just keeps running. I feel like the Maytag repairman, with plenty of time to contemplate IT.

Not a saint

@ Mike and SpitefulGOD (really?)

if a company's marketing pitch says (for 20+ years) that its development process is excellent, superior, and puts out highly optimal code for a top-notch product, but the company has to release an endless, regular stream of fixes for remotely exploitable bugs, then people will point and laugh, and rightly so. they point and laugh at Comcast for lying and getting caught, why should MS get a pass?

if the same company points to other people's products and claims they are inferior, it would be more believable if this company did not continually overpromise and underdeliver (have supported Windows since before 95 came out, and Vista is the worst i've seen yet).

Ubuntu makes no promises of perfection, so no reason to whine. Apple has been putting out some marketing tripe recently, especially considering the number of big, ugly problems in the Leopard release, but a bad day on Leopard (with Time Machine) is still better than a bad day with Windows (any version). i speak as one who does not own an iPod or an iPhone, and likely never will.

everybody's biological byproduct smells, but it helps if one does not insist that one's stuff smells like roses, or stinks less than everyone else's mess.

@SpitefulGOD

How many of those updates actually required a reboot or two? I think you will have noticed the system just updated itself and kept going. The updates are for the whole installed app base, not just the underlying Linux. I prefer to get updates immediately, not once a month, that way I know I have safer systems.

Re: Vista-bashing again. Yawn

Oh dear, I guess you didn't get the press release.

Vista was *allegedly* written from the ground up, with new and improved coding standards and security in mind. The reason this is a news story is MS appear to have lied and just copy/pasted chunks of (flawed) code from XP. Again.

Yes, we expect the odd flaw in Vista (tho preferably not remote admin/system exploits) but we don't expect to see the same flaws in Vista as we see in XP.

@Robert Pogson, fellow "Maytag Repairman"

My currently largest client keeps me busier with fixing their Xerox photocopiers than with fixing their desktop PCs. I look forward to "patch tuesday" because I get to do some actual IT work once a month, and that's just to make sure the servers are updated before the weekend backup. The desktops update themselves.

As for waiting in fear before the patches come? I don't lose sleep over it. I do enough stuff before the fact that these so-called "zero day" exploits don't do any damage. No client of mine had to deal with a case of exploitation in five years now. Worst damage I have to undo these days is restoring stuff from backup that users delete by mistake.

Which is good, because I have time to work on improving things further and installing new stuff. And I have time to fix the broken copier again. If Xerox could make a machine that fixed itself...

@Ross, re: copy/paste of flawed code

Two of the flaws were in Internet Explorer. It's plausible that IE7 has shared code between the XP and Vista versions of it, so the two could share a flaw.

As for the OS base patches, I'd be surprised if the exact same patch was used on both or all three NT-based systems. Same flaw != same code necessarily.

There's a case for retiring XP, and for that matter, retiring 2K. MS has to write, very likely, three different versions of the same patch to address how the same flaw affects two or three differing systems. They're not using up manpower to fix the same browser flaws in Windows 98, ME, or NT4, and they're not using up manpower to fix the same OS flaw in NT4.

I have further commentary about how impatient the user base is regarding OS releases, and how that encourages copy/paste of code, but I'll save that for another rant.

And finally, I like seeing how El Reg is spreading the patch love. Nice to see Apple and the makers of Opera tossed into the same bin these days.

@JC, re: Double Standards

"Don't you always love how some dimwit comes along and thinks if we have legitimate concerns, if we do anything but praise a product and the company then we must be bashers?"

I draw a line between bug reporting and complaints, and outright bashing. There seems to be a knee-jerk reaction to any bug / flaw / exploit / patch related to Microsoft from certain folks, and the same folks do not react as strongly to bugs / flaws / exploits / patches related to any other firm. I think that's why El Reg started providing ready-to-use cut and paste comments.

It's obvious when you compare the two, actually. In 2002, Sophos issued 226 patches for one product, while Microsoft issued 72 patches for their entire product line.

http://www.vmyths.com/column/1/2003/1/23/

I couldn't find one example of Sophos bashing from 2002 that didn't come from vmyths. Microsoft bashing? I lost count of the Google hits.

Service pack...

Service Pack 1 for Vista was feature frozen months ago. Any changes made to it during the beta/RC stage were purely for compatibility and fixes to the pack.

Adding new features during beta/RC stage is what causes problems. "Oh, this one won't make any difference" but when combined with all the other ones being installed at the same time may introduce problems.

Criticising MS for updates so soon after SP1 has been released is a bit lame.